Implement onPermissionRequest handler for Copilot SDK 0.1.24+

[Copilot]

SDK 0.1.24+ requires an onPermissionRequest handler on createSession(). Without it, permission requests from the agent are unhandled. This wires the handler through the full stack and surfaces it as an interactive TUI prompt.

Changes

src/services/copilot.ts

• Re-exports PermissionRequest, PermissionRequestResult, PermissionHandler SDK types
• Adds onPermissionRequest?: PermissionHandler to StreamCallbacks and sendPromptSync options
• Passes handler into createSession() config when provided

src/services/executor.ts

• Adds onPermissionRequest?: PermissionHandler to ExecutionCallbacks
• Threads it through to both the init task and regular task sendPromptSync calls

src/components/permission-prompt.tsx (new)

• Ink component displaying permission kind, tool name, and y/n keybind hint

src/screens/execute.tsx

• pendingPermission state holds the active request + its Promise resolver
• onPermissionRequest callback passed to executePlan creates a Promise and sets state; useInput resolves it on y/n (intercepts all other keys while pending)
• Renders <PermissionPrompt> inline; logs last 3 decisions
• Status bar updates to y: approve n: deny while a prompt is active

// In execute.tsx — permission handler passed to executePlan
onPermissionRequest: (request, _invocation) => {
  return new Promise<PermissionRequestResult>((resolve) => {
    setPendingPermission({ request, taskId: undefined, resolve });
  });
},

src/services/executor.test.ts

• 4 new tests covering: optional callback, approval result, denial result, all supported permission kinds (shell, write, read, mcp, url)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[enhancement] Implement required permission handler for Copilot SDK 0.1.24+</issue_title>
<issue_description>## Background

Recent changes to the GitHub Copilot SDK now require a permission handler to be provided when creating or resuming sessions. This was introduced in PR colindembovsky/planeteer#554 by Steve Sanderson on Feb 24, 2026, and is enforced in SDK v0.1.24+.

Key SDK changes:

• Permission handler (onPermissionRequest) is now mandatory when calling createSession() or resumeSession()
• Applies to all permission types: 'tool', 'custom-tool', 'mcp-server', 'custom-agent'
• The handler receives PermissionRequest objects with kind, toolName, details, etc.
• Must return PermissionRequestResult: either { allow: true } or { deny: { kind: 'denied-interactively-by-user', reason: '...' } }

Related commits:

• 279f6c4 - Require permission handler on session creation
• 388f2f3 - Add permission checks for SDK-registered custom tools

Proposal

Implement a permission handler in src/services/copilot.ts that integrates with Planeteer's TUI to let users approve or deny tool/agent permissions interactively:

1. Add onPermissionRequest callback to createSession() calls in copilot.ts
2. Create a permission prompt component (e.g., src/components/permission-prompt.tsx) that:
   • Displays the tool/agent name requesting permission
   • Shows permission kind (tool, custom-tool, mcp-server, custom-agent)
   • Presents approve/deny buttons or keyboard shortcuts
   • Optionally allows "Always allow" / "Always deny" for specific tools
3. Store permission preferences (optional) in plan settings or global config to avoid repeated prompts for the same tools
4. Update executor.ts to handle permission denials gracefully (log and skip tasks if critical tools are denied)

Benefit

• Compliance with SDK requirements: Planeteer will work with SDK v0.1.24+ without errors
• User control: Users can see and approve what tools/agents Copilot uses during execution
• Security: Prevents unexpected tool usage, especially for custom MCP servers or third-party agents
• Better UX: Interactive permission prompts integrate naturally with Planeteer's TUI workflow

Acceptance Criteria

• src/services/copilot.ts provides onPermissionRequest handler to all createSession() calls
• Permission requests trigger an Ink component (modal or inline prompt) in the Execute screen
• Users can approve or deny permissions via keyboard input
• Permission decisions are logged to the event stream displayed in Execute screen
• Denied permissions do not crash task execution; instead, tasks log the denial reason and mark as failed
• Tests verify permission approval/denial flows (unit tests for handler logic)
• Updated to SDK ^0.1.25 to get latest permission features

AI generated by Weekly Enhancement Suggestions

Comments on the Issue (you are @copilot in this section)

• Fixes [enhancement] Implement required permission handler for Copilot SDK 0.1.24+ #23

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.